[anaconda] - scrapy - GHSA-4qqq-9vqf-3h3f patch vulnerablity (devcontainers#1070)

gauravsaini04 · web-flow · commit fb70f76e1fbf · 2024-05-21T14:09:46.000-07:00
diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile
@@ -47,7 +47,9 @@ RUN python3 -m pip install --upgrade \
     # https://github.com/advisories/GHSA-jjg7-2v4v-x38h
     idna==3.7 \ 
     # https://github.com/advisories/GHSA-h75v-3vvj-5mfj
-    jinja2==3.1.4
+    jinja2==3.1.4 \
+    # https://github.com/advisories/GHSA-4qqq-9vqf-3h3f
+    scrapy==2.11.2
 
 # Reset and copy updated files with updated privs to keep image size down
 FROM mcr.microsoft.com/devcontainers/base:1-bullseye
diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh
@@ -53,6 +53,7 @@ checkPythonPackageVersion "gitpython" "3.1.41"
 checkPythonPackageVersion "jupyter-lsp" "2.2.2"
 checkPythonPackageVersion "idna" "3.7"
 checkPythonPackageVersion "jinja2" "3.1.4"
+checkPythonPackageVersion "scrapy" "2.11.2"
 
 checkCondaPackageVersion "pyopenssl" "23.2.0"
 checkCondaPackageVersion "requests" "2.31.0"
